Affected Versions:
Apache CouchDB releases up to and including 1.0.3, 1.1.1, and 1.2.0
are vulnerable.

Description:
Query parameters passed into the browser-based test suite are not sanitised,
and can be used to load external resources. An attacker may execute JavaScript
code in the browser, using the context of the remote user.

Mitigation:
Upgrade to a supported release that includes this fix, such as Apache
CouchDB 1.0.4, 1.1.2, 1.2.1, and the future 1.3.x series, all of which
include a specific fix.